fail2ban i Apache – teorijski uvod

Ima nekoliko fail2ban filtera vezanih za Apache (dolaze u fail2ban paketu), i veoma je važno koji log se dodeljuje kom filteru na nadzor. Koji su filteri u pitanju :
* apache-tcpwrapper : Under CentOS / RedHat Enterprise Linux, httpd (Apache) is not compiled with tcpwrappers support. Dakle ovaj filter nam ni ne treba.
* apache-badbots : protiv botova
“Bots”, for those not familiar with the term, are basically computer programs that “surf” multiple websites to perform a variety of automated tasks. It’s short for “robots”. Examples of bots include those used by the search engines. Those bots retrieve a copy of your web page so that they can include relevant terms from that page in their search index. Not all bots are benign however. Some bots go through your website looking for web forms and email addresses to send you spam. Other bots probe your website for security vulnerabilities.
* apache-shorewall (ili apache-noscript) : hvata stavke u logovima, kao što su “File does not exist” i/ili “script not found or unable to stat”
* apache-auth : hvata stavke sa lošim logovanjem na stranicu (u mom slučaju je u pitanju pristup webmail-u) – ovo ja kod mene zaustavljam sa pop3imap filterom koji pregledsa /var/log/maillog (videti raniji post)

Dakle od svih filtera koji dolaze sa fail2ban, a vezani su za Apache, trebaju nam tri : apache-badbots, apache-shorewall i apache-auth. Najbolje je aktivirati ih jedan po jedan, uz obavezno testiranje.

This entry was posted in Linux and tagged , , . Bookmark the permalink.

One Response to fail2ban i Apache – teorijski uvod

  1. Erwin says:

    Nothing.If its a web server it conant affect Windows services.If its running Samba with higer domain levels than the 2003 server then yes some of the settings can cause issues, but only for the windows file sharing.If your running services like dhcp that is configured wrong on the Linux machine which you should not be as its a web server you could have issues.